The transportation industry is increasingly being targeted by hackers

According to the 2015 version of the ‘Transportation Systems Sector-Specific Plan’ the transportation industry is increasingly exposed to cyber threats.

The transportation industry is considered part of the critical infrastructure of a country, and according to the IBM’s X-Force security team is it a privileged target for hackers.

The report, Security Trends in the Transportation Industry, published by IBM this week confirms that cybercriminals are targeting the systems used in the industry, this means that trains, planes, and automobiles are under incessant attacks.

“According to the 2015 version of the “Transportation Systems Sector-Specific Plan,” the transportation sector is increasingly vulnerable to cyberthreats as a result of “the growing reliance on cyber-based control, navigation, tracking, positioning and communications systems, as well as the ease with which malicious actors can exploit cyber systems serving transportation.”” states the analysis published by IBM.

Systems used in the transportation industry are used to manage a large volume of data that could be stolen by crooks that intend to resell them on the dark web. Another precious good in the dark web are for example the flier points.

“We are seeing this industry emerging as high-value target right alongside healthcare, manufacturing, financial services and government,” said Michelle Alvarez, Threat Researcher and Editor at IBM Managed Security Services.

Giving a close look to the techniques adopted by attackers we note that denial of service attacks and malicious attachments and links accounted for over 44 percent of the attacks targeting organization in the sector between March 1, 2015 and May 15, 2016.

The practice of the extortion is very common, DDoS attacks above all but we cannot underestimate the ransomware threat.

IBM experts also warn about terrorism the threat, sabotage and the theft of data that could be used in terrorist attacks remain main concerns of the experts.

“Risks to critical transportation infrastructure include natural disasters as well as manmade physical and cyber threats. Manmade threats include terrorism, vandalism, theft, technological failures, and accidents. Cyber threats to the Sector are of concern because of the growing reliance on cyberbased control, navigation, tracking, positioning, and communications systems, as well as the ease with which malicious actors can exploit cyber systems serving transportation. “states the report “Security Trends in the Transportation Industry,”

“Terrorist attacks, whether physical or cyber, can significantly disrupt vital transportation services and cause long-term sociological and economic consequences. “

When dealing with hacking in the transportation industry we cannon avoid to mention the demonstrative attacks against a Jeep Cherokee last year and the alleged hack of computer systems aboard a commercial flight.

One of the most clamorous incidents occurred in June 2015 when the Polish national airline, LOT, announced that it has cancelled 10 flights due to a cyber attack against the airline’s ground computer systems at Warsaw’s Okecie airport.

Back in 2014, the Chinese national train reservation system was targeted by hackers who stole customers’ personal data.

Keep secure all the system in the transportation industry is challenging, many factors complicate the activity such as the numerous privatizations that are occurring in the sector.

It is a responsibility of each operator to identify the threats and the risk of exposure and mitigate them by applying the recommendations shared by the Government for the protection of critical infrastructure.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – transportation industry, cyber security)